mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-24 13:24:56 +08:00
469 lines
21 KiB
Plaintext
469 lines
21 KiB
Plaintext
|
Network Working Group M. Smith
|
||
|
INTERNET-DRAFT Netscape Communications Corp.
|
||
|
Intended Category: Standards Track
|
||
|
Expires: 18 April 2000
|
||
|
|
||
|
18 October 1999
|
||
|
|
||
|
LDAP C API Virtual List View Extension
|
||
|
<draft-smith-ldap-c-api-ext-vlv-00.txt>
|
||
|
|
||
|
1. Status of this Memo
|
||
|
|
||
|
This document is an Internet-Draft and is in full conformance with all
|
||
|
provisions of Section 10 of RFC2026. Internet-Drafts are working docu-
|
||
|
ments of the Internet Engineering Task Force (IETF), its areas, and its
|
||
|
working groups. Note that other groups may also distribute working
|
||
|
documents as Internet-Drafts.
|
||
|
|
||
|
Internet-Drafts are draft documents valid for a maximum of six months
|
||
|
and may be updated, replaced, or obsoleted by other documents at any
|
||
|
time. It is inappropriate to use Internet-Drafts as reference material
|
||
|
or to cite them other than as "work in progress."
|
||
|
|
||
|
The list of current Internet-Drafts can be accessed at
|
||
|
http://www.ietf.org/ietf/1id-abstracts.txt.
|
||
|
|
||
|
The list of Internet-Draft Shadow Directories can be accessed at
|
||
|
http://www.ietf.org/shadow.html.
|
||
|
|
||
|
This draft document will be submitted to the RFC Editor as a Standards
|
||
|
Track document. Distribution of this memo is unlimited. Technical dis-
|
||
|
cussion of this document will take place on the IETF LDAP Extension
|
||
|
Working Group mailing list <ietf-ldapext@netscape.com>. Please send
|
||
|
editorial comments directly to the author <mcs@netscape.com>.
|
||
|
|
||
|
Copyright (C) The Internet Society (1998-1999). All Rights Reserved.
|
||
|
|
||
|
Please see the Copyright section near the end of this document for more
|
||
|
information.
|
||
|
|
||
|
Expires: 18 April 2000 [Page 1]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
2. Introduction
|
||
|
|
||
|
This document defines a virtual list view extension for the LDAP C API
|
||
|
to support the LDAP protocol extensions for scrolling view browsing of
|
||
|
search results. More specifically, this document defines functions to
|
||
|
create virtual list view request controls and to parse virtual list view
|
||
|
response controls.
|
||
|
|
||
|
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
||
|
"SHOULD", "SHOULD NOT", "RECOMMENDED", and "MAY" in this document are
|
||
|
to be interpreted as described in RFC 2119 [KEYWORDS].
|
||
|
|
||
|
3. Table of Contents
|
||
|
|
||
|
1. Status of this Memo............................................1
|
||
|
2. Introduction...................................................2
|
||
|
3. Table of Contents..............................................2
|
||
|
4. Background and Intended Usage..................................2
|
||
|
5. Advertising the Virtual List View C LDAP API Extension.........3
|
||
|
6. Creating a Virtual List View Request Control...................3
|
||
|
7. Parsing a Virtual List View Response Control...................6
|
||
|
8. Example Code...................................................8
|
||
|
9. Security Considerations........................................8
|
||
|
10. Copyright......................................................8
|
||
|
11. Bibliography...................................................9
|
||
|
12. Author's Address...............................................9
|
||
|
13. Appendix A - Summary of Additions to the C LDAP API............9
|
||
|
|
||
|
4. Background and Intended Usage
|
||
|
|
||
|
The LDAP C API [CAPI] defines a C language application programming
|
||
|
interface (API) to the Lightweight Directory Access Protocol [LDAP].
|
||
|
This document defines an extension to that API to support an optional
|
||
|
LDAP protocol extension for scrolling view browsing of search results,
|
||
|
also known as Virtual List View [VLV].
|
||
|
|
||
|
The scrolling view browsing LDAP extension itself is designed to allow a
|
||
|
"virtual list box" feature to be supported efficiently by LDAP servers
|
||
|
and clients. The protocol extension consists of two LDAP controls: a
|
||
|
Virtual List View (VLV) Request control which is sent by a client to a
|
||
|
server along with an LDAP search request and a Virtual List View
|
||
|
Response control which is returned by the server to send back status
|
||
|
information about the VLV request.
|
||
|
|
||
|
LDAP clients that wish to use the "virtual list box" feature SHOULD
|
||
|
first check the supportedControls attribute in a server's rootDSE to
|
||
|
|
||
|
Expires: 18 April 2000 [Page 2]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
determine if a value identical to the Virtual List View Request
|
||
|
control's OID is present. If the OID is present and the client chooses
|
||
|
to use the VLV feature, it MUST construct a Virtual List View Request
|
||
|
control and a Server Side Sorting Control [SSS] and send both controls
|
||
|
to the server within an LDAP searchRequest message. Both controls
|
||
|
SHOULD be marked critical. Client applications MAY use the
|
||
|
ldap_create_vlv_control() function described in this document to create
|
||
|
a Virtual List View Request control.
|
||
|
|
||
|
At the end of the search request processing, the server SHOULD return a
|
||
|
Virtual List View Response control in the LDAP searchResultDone message.
|
||
|
A Virtual List View Response control MAY be parsed to extract its con-
|
||
|
tents by using the ldap_parse_vlv_control() function described in this
|
||
|
document.
|
||
|
|
||
|
5. Advertising the Virtual List View C LDAP API Extension
|
||
|
|
||
|
To conform with the requirements defined in the C LDAP API specification
|
||
|
[CAPI], implementations that support this extension SHOULD advertise the
|
||
|
existence of this extension as follows:
|
||
|
|
||
|
Define the macro LDAP_API_FEATURE_VIRTUAL_LIST_VIEW as a value that
|
||
|
corresponds to the "level" or revision of this specification. When
|
||
|
this document is published as an RFC, the value to use for
|
||
|
LDAP_API_FEATURE_VIRTUAL_LIST_VIEW is the RFC number itself. While
|
||
|
this document is an Internet Draft, the value to use is 1000 plus the
|
||
|
revision number of this draft, i.e., 1000 for the -00 revision of
|
||
|
this draft, 1001 for the -01 version, and so on.
|
||
|
|
||
|
Return the text string VIRTUAL_LIST_VIEW in the ldapai_extensions
|
||
|
array of the LDAPAPIInfo structure following a successful call to
|
||
|
ldap_get_option() with an option parameter value of
|
||
|
LDAP_OPT_API_INFO.
|
||
|
|
||
|
Return information about the extension when the ldapaif_name field in
|
||
|
the LDAPAPIFeatureInfo structure is set to the text string
|
||
|
VIRTUAL_LIST_VIEW and a call to ldap_get_option() with an option
|
||
|
parameter value of LDAP_OPT_API_FEATURE_INFO is made.
|
||
|
|
||
|
6. Creating a Virtual List View Request Control
|
||
|
|
||
|
The LDAPVLVInfo structure describes a Virtual List View Request control
|
||
|
and is passed to the ldap_create_vlv_control() function to create a Vir-
|
||
|
tualListViewRequest control. The resulting control SHOULD be passed to
|
||
|
|
||
|
Expires: 18 April 2000 [Page 3]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
the ldap_search_ext() or ldap_search_ext_s() functions described in
|
||
|
[CAPI] to send them to the server. The ldap_create_sort_control() func-
|
||
|
tion described in [SSSAPI] MAY be used to create a Sort control that is
|
||
|
be passed to the server along with the VirtualListViewRequest control.
|
||
|
|
||
|
The LDAPVLVInfo structure MAY also be used by applications to manage the
|
||
|
state information associated with a series of virtual list view
|
||
|
client/server interactions.
|
||
|
|
||
|
/* LDAPVLVInfo structure: */
|
||
|
typedef struct ldapvlvinfo {
|
||
|
int ldvlv_version; /* version of this struct (1) */
|
||
|
unsigned long ldvlv_before_count;
|
||
|
unsigned long ldvlv_after_count;
|
||
|
unsigned long ldvlv_offset; /* used if ldvlv_attrvalue is NULL
|
||
|
*/
|
||
|
unsigned long ldvlv_count; /* used if ldvlv_attrvalue is NULL
|
||
|
*
|
||
|
struct berval *ldvlv_attrvalue;
|
||
|
struct berval *ldvlv_context;
|
||
|
void *ldvlv_extradata; /* for use by application */
|
||
|
} LDAPVLVInfo;
|
||
|
|
||
|
/* value for the ldvlv_version field of the LDAPVLVInfo structure: */
|
||
|
#define LDAP_VLVINFO_VERSION 1
|
||
|
|
||
|
/* function used to create a VirtualListViewRequest control: */
|
||
|
int ldap_create_vlv_control(
|
||
|
LDAP *ld,
|
||
|
LDAPVLVInfo *vlvinfop,
|
||
|
LDAPControl **ctrlp
|
||
|
);
|
||
|
|
||
|
/* OID of the VirtualListViewRequest control: */
|
||
|
#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
|
||
|
|
||
|
The parameters to the ldap_create_vlv_control() function are:
|
||
|
|
||
|
ld An LDAP session handle, as obtained from a call to
|
||
|
ldap_init().
|
||
|
|
||
|
vlvinfop The address of an LDAPVLVInfo structure whose con-
|
||
|
tents are used to construct the value of the control
|
||
|
that is created.
|
||
|
|
||
|
ctrlp A result parameter that will be assigned the address
|
||
|
of an LDAPControl structure that contains the Virtu-
|
||
|
alListViewRequest control created by this function.
|
||
|
The memory occupied by the LDAPControl structure
|
||
|
SHOULD be freed when it is no longer in use by
|
||
|
|
||
|
Expires: 18 April 2000 [Page 4]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
calling ldap_control_free().
|
||
|
|
||
|
The ldap_create_vlv_control() function returns a C LDAP API error code
|
||
|
to indicate success or failure (LDAP_SUCCESS if all goes well).
|
||
|
|
||
|
The members of the LDAPVLVInfo structure are:
|
||
|
|
||
|
ldvlv_version A number that identifies the version of the
|
||
|
LDAPVLVInfo structure. This SHOULD always be set to
|
||
|
the value LDAP_VLVINFO_VERSION (1).
|
||
|
|
||
|
ldvlv_before_count A count of the number of entries before the target
|
||
|
entry the client wants the server to send back.
|
||
|
This field corresponds to the beforeCount element of
|
||
|
the BER-encoded VirtualListViewRequest control value
|
||
|
itself.
|
||
|
|
||
|
ldvlv_after_count A count of the number of entries after the target
|
||
|
entry the client wants the server to send back.
|
||
|
This field corresponds to the afterCount element of
|
||
|
the BER-encoded VirtualListViewRequest control value
|
||
|
itself.
|
||
|
|
||
|
ldvlv_offset This field is only used if ldvlv_attrvalue is NULL,
|
||
|
i.e, if the byoffset choice within the VirtualList-
|
||
|
ViewRequest control is to be used. ldvlv_offset is
|
||
|
used along with the ldvlv_count value by the server
|
||
|
to determine the target entry. This field
|
||
|
corresponds to the offset element within the BER-
|
||
|
encoded VirtualListViewRequest control value itself.
|
||
|
|
||
|
ldvlv_count This field is only used if ldvlv_attrvalue is NULL,
|
||
|
i.e., if the byIndex choice within the VirtualList-
|
||
|
ViewRequest control is to be used. ldvlv_count is
|
||
|
used along with the ldvlv_offset value by the server
|
||
|
to determine the target entry. This field
|
||
|
corresponds to the contentCount element within the
|
||
|
BER-encoded VirtualListViewRequest control value
|
||
|
itself.
|
||
|
|
||
|
ldvlv_attrvalue If this is not NULL, it indicates that the
|
||
|
greaterThanOrEqual choice within the VirtualList-
|
||
|
ViewRequest is to be used. ldvlv_attrvalue
|
||
|
corresponds to the assertionValue element of the
|
||
|
BER-encoded VirtualListViewRequest control value
|
||
|
itself. This value is compared by the server with
|
||
|
the values of the attribute specified by the primary
|
||
|
sort key to determine the target entry.
|
||
|
|
||
|
Expires: 18 April 2000 [Page 5]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
ldvlv_context If this is not NULL, it is included as the context
|
||
|
identifier in the VirtualListViewRequest control;
|
||
|
ldvlv_context corresponds to the contextID element
|
||
|
within the BER-encoded VirtualListViewRequest con-
|
||
|
trol value itself. If ldvlv_context is NULL, no
|
||
|
context identifier is included in the VirtualList-
|
||
|
ViewRequest control.
|
||
|
|
||
|
ldvlv_extradata This field is reserved for application-specific use
|
||
|
and is not used by the ldap_create_vlv_control()
|
||
|
function; it has no effect on the control that is
|
||
|
created.
|
||
|
|
||
|
7. Parsing a Virtual List View Response Control
|
||
|
|
||
|
When an application receives the result from a VLV search, it SHOULD use
|
||
|
the ldap_parse_vlv_control() function to look for and parse the Virtual
|
||
|
List View Response control returned by the server.
|
||
|
|
||
|
/* function used to look for and parse a VirtualListViewResponse
|
||
|
control: */
|
||
|
int ldap_parse_vlv_control(
|
||
|
LDAP *ld,
|
||
|
LDAPControl **ctrls,
|
||
|
unsigned long *target_posp,
|
||
|
unsigned long *list_countp,
|
||
|
struct berval **contextp,
|
||
|
int *errcodep
|
||
|
);
|
||
|
|
||
|
/* OID of the VirtualListViewResponse control: */
|
||
|
#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
|
||
|
|
||
|
/* new error codes: */
|
||
|
#define LDAP_SORT_CONTROL_MISSING 0x3C /* 60 */
|
||
|
#define LDAP_INDEX_RANGE_ERROR 0x3D /* 61 */
|
||
|
|
||
|
The parameters to the ldap_parse_vlv_control() function are:
|
||
|
|
||
|
ld An LDAP session handle.
|
||
|
|
||
|
ctrls The address of a NULL-terminated array of LDAPCon-
|
||
|
trol structures, typically obtained by a call to
|
||
|
ldap_parse_result().
|
||
|
|
||
|
target_posp This result parameter is filled in with the list
|
||
|
index of the target entry. If this parameter is
|
||
|
NULL, the target position is not returned. The
|
||
|
|
||
|
Expires: 18 April 2000 [Page 6]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
value for this result parameter is pulled from the
|
||
|
targetPosition element of the BER-encoded Virtual-
|
||
|
ListViewResponse control value itself.
|
||
|
|
||
|
list_countp This result parameter is filled in with the server's
|
||
|
estimate of the size of the list. If this parameter
|
||
|
is NULL, the size is not returned. The value for
|
||
|
this result parameter is pulled from the con-
|
||
|
tentCount element of the BER-encoded VirtualList-
|
||
|
ViewResponse control value itself.
|
||
|
|
||
|
contextp This result parameter is filled in with the address
|
||
|
of a struct berval that contains the server-
|
||
|
generated context identifier if one was returned by
|
||
|
the server. If the server did not return a context
|
||
|
identifier, this parameter will be set to NULL. The
|
||
|
struct berval returned SHOULD be disposed of by cal-
|
||
|
ling ber_bvfree() when it is no longer needed. If
|
||
|
NULL is passed for contextp, the context identifier
|
||
|
is not returned.
|
||
|
|
||
|
errcodep This result parameter is filled in with the VLV
|
||
|
result code. If this parameter is NULL, the result
|
||
|
code is not returned. The value for this result
|
||
|
parameter is pulled from the virtualListViewResult
|
||
|
element of the BER-encoded VirtualListViewResponse
|
||
|
control value itself. As specified in the VLV pro-
|
||
|
tocol extension [VLV], it will have one of the fol-
|
||
|
lowing values:
|
||
|
|
||
|
LDAP_SUCCESS (0); defined in [CAPI]
|
||
|
LDAP_OPERATIONS_ERROR (1); defined in [CAPI]
|
||
|
LDAP_UNWILLING_TO_PERFORM (53); defined in [CAPI]
|
||
|
LDAP_INSUFFICIENT_ACCESS (50); defined in [CAPI]
|
||
|
LDAP_BUSY (51); defined in [CAPI]
|
||
|
LDAP_TIMELIMIT_EXCEEDED (3); defined in [CAPI]
|
||
|
LDAP_ADMINLIMIT_EXCEEDED (11); defined in [CAPI]
|
||
|
LDAP_SORT_CONTROL_MISSING (60); defined above
|
||
|
LDAP_INDEX_RANGE_ERROR (61); defined above
|
||
|
LDAP_OTHER (80); defined in [CAPI]
|
||
|
|
||
|
The ldap_parse_vlv_control() function returns an LDAP error code that
|
||
|
indicates whether a VLV Result control was found and whether the parsing
|
||
|
was successful. LDAP_SUCCESS is returned if all goes well,
|
||
|
LDAP_CONTROL_NOT_FOUND is returned if the ctrls array does not include a
|
||
|
VirtualListViewResponse control, and another LDAP error code that is
|
||
|
defined in [CAPI] is returned if a parsing error or other problem
|
||
|
occurs.
|
||
|
|
||
|
Expires: 18 April 2000 [Page 7]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
8. Example Code
|
||
|
|
||
|
To be provided.
|
||
|
|
||
|
9. Security Considerations
|
||
|
|
||
|
Most servers will be configured to restrict access to the Virtual List
|
||
|
View feature since poorly-behaved or malicious clients may cause many
|
||
|
resources to be consumed on the server, or allow users to retrieve too
|
||
|
many entries, or allow users to get an accurate count of the number of
|
||
|
entries present in a portion of the DIT. Clients should take care to
|
||
|
not abuse the VLV feature and should be prepared for servers to refuse
|
||
|
to service a particular VLV request due to access control or other
|
||
|
site-defined policies.
|
||
|
|
||
|
Please see the protocol extension document [VLV] for a discussion of
|
||
|
related security considerations.
|
||
|
|
||
|
10. Copyright
|
||
|
|
||
|
Copyright (C) The Internet Society (1998-1999). All Rights Reserved.
|
||
|
|
||
|
This document and translations of it may be copied and furnished to oth-
|
||
|
ers, and derivative works that comment on or otherwise explain it or
|
||
|
assist in its implementation may be prepared, copied, published and dis-
|
||
|
tributed, in whole or in part, without restriction of any kind, provided
|
||
|
that the above copyright notice and this paragraph are included on all
|
||
|
such copies and derivative works. However, this document itself may not
|
||
|
be modified in any way, such as by removing the copyright notice or
|
||
|
references to the Internet Society or other Internet organizations,
|
||
|
except as needed for the purpose of developing Internet standards in
|
||
|
which case the procedures for copyrights defined in the Internet Stan-
|
||
|
dards process must be followed, or as required to translate it into
|
||
|
languages other than English.
|
||
|
|
||
|
The limited permissions granted above are perpetual and will not be
|
||
|
revoked by the Internet Society or its successors or assigns.
|
||
|
|
||
|
This document and the information contained herein is provided on an "AS
|
||
|
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
|
||
|
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
||
|
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
|
||
|
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FIT-
|
||
|
NESS FOR A PARTICULAR PURPOSE.
|
||
|
|
||
|
Expires: 18 April 2000 [Page 8]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
11. Bibliography
|
||
|
|
||
|
[CAPI] M. Smith, T. Howes, A. Herron, M. Wahl, A. Anantha, "The C
|
||
|
LDAP Application Program Interface", INTERNET-DRAFT,
|
||
|
<draft-ietf-ldapext-ldap-c-api-04.txt>, 8 October 1999.
|
||
|
|
||
|
[KEYWORDS] S. Bradner, "Key words for use in RFCs to Indicate Require-
|
||
|
ment Levels", RFC 2119, March 1997.
|
||
|
|
||
|
[LDAP] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
|
||
|
Protocol (v3)", RFC 2251, December 1997.
|
||
|
|
||
|
[SSS] A. Herron, T. Howes, M. Wahl, A. Anantha, "LDAP Control
|
||
|
Extension for Server Side Sorting of Search Results",
|
||
|
INTERNET-DRAFT, April 1999.
|
||
|
|
||
|
[SSSAPI] C. Weider, A. Herron, T. Howes, M. Smith, M. Wahl, "LDAP API
|
||
|
Extensions for Sort and Simple Paged Results", INTERNET-
|
||
|
DRAFT, <draft-ietf-asid-ldapv3-api-ext-00.txt>, July 1997.
|
||
|
|
||
|
[VLV] D. Boreham, J. Sermersheim, A. Anantha, M. Armijo, "LDAP
|
||
|
Extensions for Scrolling View Browsing of Search Results",
|
||
|
INTERNET-DRAFT <draft-ietf-ldapext-ldapv3-vlv-03.txt>, 11
|
||
|
June 1999.
|
||
|
|
||
|
12. Author's Address
|
||
|
|
||
|
Mark Smith
|
||
|
Netscape Communications Corp.
|
||
|
501 E. Middlefield Rd., Mailstop MV068
|
||
|
Mountain View, CA 94043
|
||
|
USA
|
||
|
+1 650 937-3477
|
||
|
mcs@netscape.com
|
||
|
|
||
|
13. Appendix A - Summary of Additions to the C LDAP API
|
||
|
|
||
|
This extension introduces the following macros:
|
||
|
|
||
|
LDAP_API_FEATURE_VIRTUAL_LIST_VIEW
|
||
|
LDAP_VLVINFO_VERSION
|
||
|
LDAP_CONTROL_VLVREQUEST
|
||
|
LDAP_CONTROL_VLVRESPONSE
|
||
|
LDAP_SORT_CONTROL_MISSING
|
||
|
LDAP_INDEX_RANGE_ERROR
|
||
|
|
||
|
Expires: 18 April 2000 [Page 9]
|
||
|
|
||
|
INTERNET-DRAFT LDAP C API Virtual List View Extension 18 October 1999
|
||
|
|
||
|
This extension introduces the following structures and typedefs:
|
||
|
|
||
|
ldapvlvinfo
|
||
|
LDAPVLVInfo
|
||
|
|
||
|
This extension introduces the following functions:
|
||
|
|
||
|
ldap_create_vlv_control()
|
||
|
ldap_parse_vlv_control()
|
||
|
|
||
|
Expires: 18 April 2000 [Page 10]
|